Secure server architecture for web based data management
First Claim
1. A method comprising:
- receiving a service request over a private data network from a server within a secure network area that employs a plurality of firewalls, the server receiving the service request from a client via a communication session over a public data network, wherein the communication session is associated with a session identifier stored at the client; and
dispatching the service request, via a back-end server to a proxy service linking to one of a plurality of applications;
wherein a first one of the plurality of firewalls accepts the service request from the client and routes the service request from the client to at least one of a plurality of preselected addresses behind the first one of the firewalls in accordance with a first set of filtering rules; and
a second one of the plurality of firewalls accepts the service request from the server and routes the service request from the server to at least one of a plurality of preselected addresses behind the second one of the firewalls in accordance with a second set of filtering rules.
6 Assignments
0 Petitions
Accused Products
Abstract
A double firewalled system is disclosed for protecting remote enterprise servers that provide communication services to telecommunication network customers from unauthorized third parties. A first router directs all connection requests to one or more secure web servers, which may utilize a load balancer to efficiently distribute the session connection load among a high number of authorized client users. On the network side of the web servers, a second router directs all connection requests to a dispatcher server, which routes application server calls to a proxy server for the application requested. A plurality of data security protocols are also employed. The protocols provide for an identification of the user, and an authentication of the user to ensure the user is who he/she claims to be and a determination of entitlements that the user may avail themselves of within the enterprise system.
-
Citations
20 Claims
-
1. A method comprising:
-
receiving a service request over a private data network from a server within a secure network area that employs a plurality of firewalls, the server receiving the service request from a client via a communication session over a public data network, wherein the communication session is associated with a session identifier stored at the client; and dispatching the service request, via a back-end server to a proxy service linking to one of a plurality of applications; wherein a first one of the plurality of firewalls accepts the service request from the client and routes the service request from the client to at least one of a plurality of preselected addresses behind the first one of the firewalls in accordance with a first set of filtering rules; and
a second one of the plurality of firewalls accepts the service request from the server and routes the service request from the server to at least one of a plurality of preselected addresses behind the second one of the firewalls in accordance with a second set of filtering rules. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An apparatus comprising:
-
an interface configured to receive a service request over a private data network from a server within a secure network area that employs a plurality of firewalls, the server receiving the service request from a client via a communication session over a public data network, wherein the communication session is associated with a session identifier stored at the client; and a processor configured to dispatch the service request, via a back-end server to a proxy service linking to one of a plurality of applications; and
further configured to;accept the service request from the client and route the service request from the client to at least one of a plurality of preselected addresses behind a first one of the plurality of firewalls in accordance with a first set of filtering rules; and
accept the service request from the server and route the service request from the server to at least one of a plurality of preselected addresses behind a second one of the plurality of firewalls in accordance with a second set of filtering rules. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A system comprising:
-
a server within a secure network area that employs a plurality of firewalls, wherein the server receives a service request from a client via a communication session over a public data network, wherein the communication session is associated with a session identifier stored at the client; and a back-end server, wherein the service request is provided to an interface configured to receive the service request over a private data network from the server, wherein the service request is dispatched via the back-end server to a proxy service linking to one of a plurality of applications; and wherein a first one of the plurality of firewalls accepts the service request from the client and routes the service request from the client to at least one of a plurality of preselected addresses behind the first one of the firewalls in accordance with a first set of filtering rules; and
a second one of the plurality of firewalls accepts the service request from the server and routes the service request from the server to at least one of a plurality of preselected addresses behind the second one of the firewalls in accordance with a second set of filtering rules. - View Dependent Claims (18, 19, 20)
-
Specification